NR'15 



We claim: 

1 1 . A system for traversing a network address translationyfirewall device, 

2 having a public side and a private side, with network traffic, the network traffic 

3 passing between a device on the private side and a device on the public side; the 

4 system comprising: 

5 a network processing system on the public side of the network address 

6 translation/firewall device, the network processing system operable to anchor network 

7 traffic to and from the private side of the network address translation/firewall device; 

8 and 

9 a traversal client on the private side of the network address translation/firewall 

10 device having a connection with the network processing system, wherein the traversal 

1 1 client is operable to pass packets through the network address translation/firewall 

12 device in order to create allocations in the network address translation/firewall device 

13 to allow the network traffic to pass between the private side device and the public side 

14 device, and wherein the traversal client does not reside in the path of the traffic 

15 between the private side device and the public side device. 
1 

1 2. The system of Claim 1 wherein the anchoring by the network 

2 processing system is accomplished by substituting the address associated with the 

3 private side device with an address assigned to the network processing system. 
1 

1 3. The system of Claim 1 wherein the packets sent by the traversal client 

2 through the network address translation/firewall to create allocations in the network 

3 address translation/firewall device are formed in the network processing system and 

4 sent to the traversal client over the secure connection, 
1 

1 4. The system of Claim 1 wherein the network traffic is a voice-over- 

2 Internet Protocol session. 
1 

1 5. The system of Claim 4 wherein the voice-over-Internet Protocol call 

2 uses SIP messaging. 
1 
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1 6. The system of Claim 4 wherein the voice-over-Internet-Protocol 

2 session includes signaling traffic separate from the bearer traffic, and wherein the 

3 signaling traffic from the public side device is transmitted to the private side device 

4 using the traversal client and the secure connection. 
1 

1 7. The system of Claim 4 wherein the private side device must register 

2 with a registrar on the public side of the network address translation/firewall device in 

3 order to receive voice-over-Intemet-Protocoi calls. 
1 

1 8. A method for traversing a network address translation/firewall device, 

2 having a public side and a private side, with bidirectional network traffic, the 

3 bidirectional network traffic passing between a device on the private side and a device 

4 on the public side; the system comprising: 

5 receiving packets at a network processing system, the network processing 

6 system on the public side of the network address translation/firewall device; 

7 passing control information bound for the private side device through a 

8 traversal client, the traversal client having a secure connection with the network 

9 processing system; 

10 creating allocations in the network address translation/firewall device to allow 

1 1 the bidirectional network traffic through the network address translation/firewall 

12 device, the allocations created by sending a test packet from the traversal client to the 

13 network processing system through the network address translation/firewall device, 

14 wherein the traversal client does not reside in the path of the traffic between the 

15 private side device and the public side device. 
1 

1 9. The method of Claim 8 further comprising the step of anchoring the 

2 network traffic to and from the private side of the network address translation/firewall 

3 device using the network processing system. 
1 

1 10. The method of Claim 9 wherein the step of anchoring is accomplished 

2 by substituting the address associated with the private side device with an address 

3 assigned to the network processing system. 
1 
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1 11. The method of Claim 8 wherein the test packet sent by the traversal 

2 client through the network address translation/firewall to create allocations in the 

3 network address translation/firewall device are formed in the network processing 

4 system and sent to the traversal client over the secure connection. 
1 

1 12. The method of Claim 8 wherein the traffic is a voice-over-Internet 

2 Protocol session, 
1 

1 1 3- The system of Claim 12 wherein the voice-over-Internet Protocol call 

2 uses SIP messaging. 
1 

1 14. The system of Claim 13 wherein the voice-over-Intemet-Protocol 

2 session includes signaling traffic separate from the bearer traffic, and wherein the 

3 signaling traffic from the public side device is transmitted to the private side device 

4 using the traversal client and the secure connection. 
1 

1 15. The system of Claim 12 wherein the private side device must register 

2 with a registrar on the public side of the network address translation/firewall device in 

3 order to receive voice-over-Intemet-Protocol calls. 
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